package com.nbst.controller.base;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpSession;

import com.nbst.comnutil.DESUtil;
import com.nbst.comnutil.LogOut;
import com.nbst.comnutil.NormalResult;
import com.nbst.comnutil.StringUtil;
import com.nbst.model.base.User;
import com.nbst.service.base.IDataBaseService;
import com.nbst.service.base.IUserService;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

/**
 * 
 * @ClassName: LoginController
 * @Description:用户登录
 * @author King
 * @date 2018-8-27
 *
 */
@RestController
public class LoginController {

	@Autowired
	IUserService userservice;

	@Autowired
	IDataBaseService basesservice;

	@Autowired
	LogOut logout;

	/**
	 * 
	 * @Title: login @Description: 用户登录 @param @param account @param @param
	 *         password @param @param session @param @return @return
	 *         NormalResult @throws
	 */
	@PostMapping(value = "/login.action")
	public NormalResult login(String account, String password, String type) {
		NormalResult result = new NormalResult("9999", "登录失败");
		if (StringUtil.isEmpty(account)) {
			result.setMessage("获取用户名失败，请刷新页面");
			return result;
		}
		/**
		 * 使用Shiro编写认证操作
		 */
		// 1.获取Subject
		Subject subject = SecurityUtils.getSubject();

		// 2.封装用户数据
		UsernamePasswordToken token = new UsernamePasswordToken(account, DESUtil.encrypt(password), type);
		try {
			subject.login(token);
			result.setCode("0000");
			result.setMessage("登录成功");
			User user = (User) SecurityUtils.getSubject().getPrincipal();
			// 如果供应商id大于0则说明该用户为供应商
			if (user.getfSupplierId() > 0) {
				result.setType("supplier");
			}
			// 如果客户id大于0则说明该用户为客户
			if (user.getfCustomerId() > 0) {
				result.setType("customer");
			}
			// 如果以上两个都不是则说明该用户为本厂员工
			if ((user.getfCustomerId() == 0) && (user.getfSupplierId() == 0)) {
				result.setType("emp");
			}
			return result;
		} catch (UnknownAccountException e) {
			result.setMessage("用户不存在");
			return result;
		} catch (IncorrectCredentialsException e) {
			result.setMessage("密码错误");
			return result;
		} catch (DisabledAccountException e) {
			result.setMessage(e.getMessage());
			return result;
		}
	}

	/**
	 * 
	 * @Title: getsession @Description: 获取用户Session信息 @param @param
	 *         session @param @return @return Object @throws
	 */
	/*
	 * @PostMapping(value = "/getSession.action") public Object
	 * getsession(HttpSession session) { User user = (User)
	 * session.getAttribute("user"); // user.setuPassword(""); JSONObject json = new
	 * JSONObject(); json.put("rows", user); return json.toString(); }
	 */

	/**
	 * 
	 * @Title: removeSession @Description: 退出当前登陆 @param @param
	 *         session @param @return @return NormalResult @throws
	 */
	@RequestMapping(value = "/removeSession.action", method = RequestMethod.POST)
	@ResponseBody
	public NormalResult removeSession(HttpSession session) {
		session.removeAttribute("user");
		NormalResult result = new NormalResult();
		result.setCode("0000");
		result.setMessage("退出当前用户");
		return result;
	}

	/**
	 * 
	 * @Title: removeSession @Description: 根据id、密码做验证 @param @param
	 *         session @param @param id @param @param
	 *         password @param @return @return NormalResult @throws
	 */
	@RequestMapping(value = "/verifyPassword.action", method = RequestMethod.POST)
	@ResponseBody
	public NormalResult removeSession(String id, String password) {
		User user = (User) SecurityUtils.getSubject().getPrincipal();
		NormalResult result = new NormalResult();
		if (user != null) {
			if (!StringUtils.isEmpty(id) && !StringUtils.isEmpty(password)) {
				Map<String, Object> map = new HashMap<>();
				map.put("id", id);
				map.put("password", DESUtil.encrypt(password));
				if (userservice.findByCondition(map).size() == 1) {
					result.setCode("0000");
					result.setMessage("密码正确");
				} else {
					result.setCode("9999");
					result.setMessage("密码错误");
				}
			} else {
				result.setCode("9999");
				result.setMessage("密码不能为空");
			}
		} else {
			result.setCode("9999");
			result.setMessage("该登录用户信息已过期，请重新登录");
		}
		return result;
	}
}
